According to new Justice Department e-mails obtained by the American Civil Liberties Union (ACLU) of Northern California, and published on Wednesday, federal investigators have been routinely using “stingrays” to catch bad guys. A stingray is a device that can create a false cellphone tower, and allows authorities to determine a particular mobile phone’s precise location. Stingrays aren't new—law enforcement agencies nationwide are believed to have been using them for years.

But one e-mail in the new trove reveals something brand-new: that the Feds were not fully clear about the fact that they were specifically using stingrays (also known as “IMSI catchers”) when asking for permission to conduct electronic surveillance from federal magistrate judges.

A press representative from the United States Department of Justice did not respond to Ars’ request for comment.

Groups like the ACLU are concerned that unsupervised use of such technology can inadvertently collect information on people who are neither suspected of any crime nor under investigation.

Stingray-based surveillance

The ACLU intervened as an amicus in the case of a federal defendant, Daniel David Rigmaiden, who is facing dozens of federal charges of identity theft, mail fraud, and other charges stemming from an alleged massive fraudulent tax refund ring. Rigmaiden and another as-yet unnamed co-conspirator are in federal custody. A third man, Ransom Marion Carter, III, remains a federal fugitive.

“Before this e-mail, we did not know whether Rigmaiden was an outlier,” Linda Lye told Ars, explaining that little is known about the scope of stingrays’ use. Now it's clear they have been using stingrays as a matter of course.

As a result of this new disclosure, Lye has filed a motion to leave the new file with the court. Consequently, Rigmaiden filed a motion that the evidence resulting from the stingray—which allowed authorities to arrest Rigmaiden and search his apartment—be suppressed.

“There's definitely a lot riding on [his] motion,” Lye added. “The government would have to establish that there was independent probable cause without using this device to know that this was the right apartment to search.” If they can't prove that, substantial evidence is likely to be suppressed, and that would throw a wrench into the prosecution.

Between 2005 and 2008, federal investigators allege that the trio (Rigmaiden, Carter and the unnamed person) filed over 1,900 fake tax returns online, yielding $4 million sent to over 170 bank accounts.

The ACLU received the group of e-mails last week as the result of a Freedom of Information Act request jointly filed with the San Francisco Bay Guardian, a local alt-weekly newspaper.

On Wednesday, Lye published (PDF) the e-mails, and will formally present them Thursday to a federal court in Arizona, where Rigmaiden’s case is ongoing.

Lye wrote that these e-mails confirm “the need for suppressing the evidence in the Rigmaiden case because it shows that the government was engaged in a widespread practice of withholding important information for judges, and that it did so for years.”

“We hope that the court sends the clear message to the government that it cannot keep judges in the dark. Judges are not rubber stamps—they are constitutional safeguards of our privacy.”

A May 23, 2011 e-mail from Miranda Kane, chief of the criminal division at the United States Attorney’s Office, to her colleagues, states:

As some of you may be aware, our office has been working closely with the magistrate judges in an effort to address their collective concerns regarding whether a pen register is sufficient to authorize the use of law enforcement's [stingray] WIT technology (a box that simulates a cell tower and can be placed inside a van to help pinpoint an individual's location with some specificity) to locate an individual. It has recently come to my attention that many agents are still using WIT technology in the field although the pen register application does not make that explicit.

Or, as Lye concludes: “Notably, this email chain is dated May 2011, some three years after the Stingray's use in Rigmaiden's case—meaning the government was not ‘forthright’ in its applications to federal magistrate judges for at least three years.”

In December 2011, noted German security expert Karsten Nohl released "Catcher Catcher"—a piece of software that monitors network traffic and looks at the likelihood that a stingray is in use.

"The Hacker"

Rigmaiden’s case dates back several years. In 2007 and early 2008, the Internal Revenue Service identified a bank account at Compass Bank in Phoenix that seemed to be receiving fraudulent tax refunds under the name “Carter Tax & Accounting, LLC.” Authorities identified Carter as being involved in the possible scheme.

In April 2008, the second co-conspirator was arrested in Utah, and that case remains under seal. This suspect and the Hacker were deemed to be above Carter in the tax fraud ring.

From April to August 2008, federal investigators tracked the Hacker via his Arizona bank account, and via packages sent to a Northern California apartment. According to the FBI, on July 23, 2008, the Hacker was served with a 50-count indictment under seal. Within two weeks, the man was arrested in Santa Clara, California, “after a foot and car chase,” following the pinpointing of his location because of the stingray.

An FBI press release detailed the rest of the story: after searching the Hacker's person, authorities found a key to his apartment, and with a search warrant, searched his Santa Clara apartment and storage unit in San Jose, seizing “a laptop and multiple hard drives, $116,340 in cash, over $208,000 in gold coins, approximately $10,000 in silver coins, false identification documents, false identification manufacturing equipment, and surveillance equipment.”

Investigators identified the Hacker, via his fingerprints, as prior felon Daniel David Rigmaiden.

According to an IRS special agent’s search warrant (PDF), Rigmaiden’s computer also included “Email regarding leaving the United States for the country of Dominica…[and] documents regarding obtaining citizenship in other countries; emails regarding paying off Dominican officials to get Dominican birth certificates and passports; and a Belize residency guide.”

Rigmaiden’s indictment was initially sealed, pending cooperation with a federal investigation. But by January 2010, Rigmaiden declined to cooperate, and moved to represent himself (after firing three attorneys) and the case was subsequently unsealed.

By early 2008, undercover operatives identified another man who was dubbed “the Hacker,” as well as another as-yet unnamed co-conspirator who served higher up than Carter. They then opened a bank account for the Hacker, who unknowingly deposited some fraudulently obtained tax refunds electronically into that account.

So, the Feds didn't know who this guy was, but managed to open a dummy account in his name anyway… Then, The Hacker unwittingly used the account whose very existence he was unaware of…

One tends to wonder aloud: If law enforcement was transparent about the technology and means that it uses to gather and surveil, what proportion of criminals would avoid becoming criminals based on the knowledge of the likelihood of them getting caught being that much greater?

By early 2008, undercover operatives identified another man who was dubbed “the Hacker,” as well as another as-yet unnamed co-conspirator who served higher up than Carter. They then opened a bank account for the Hacker, who unknowingly deposited some fraudulently obtained tax refunds electronically into that account.

So, the Feds didn't know who this guy was, but managed to open a dummy account in his name anyway… Then, The Hacker unwittingly used the account whose very existence he was unaware of…

This, I'm confused as well. I thought maybe I misread it, but I can't imagine why you'd deposit funds into an account you're not aware exists. Who goes to a bank and just asks for the existence of accounts in a given name, then deposits money in those accounts without knowing it's the right account? Particularly when one is involved in fraud??

I read it as "We know who The Hacker is, and that he's working with someone else. We monitored The Hacker and found he was attempting to open an account at X bank. We opened an account and gave him that account's information instead. The Hacker then sent fraudulent tax refunds to that account."

That's only after reading through it a couple times to make sure, though. I could still be wrong, it's happened before.

And DOJ et al claim they do not have the technical tools needed and something like this pops up. It appears DOJ has the tools to effectively spy on anyone and will use them whenever they think they can fool the courts.

I hate these kinds of situations. Here we are with a defendant that allegedly really is an evil guy that needs to be gotten off the street, and we have to choose between letting the government go too far, or letting a really vile scumbag back onto the street.

Rock, meet hard place.

Not really.

The guy isn't going to stop being evil, and the cops will keep an eye on him and catch him doing something else later. Or he realizes he is being watched and has to move and reinvent himself elsewhere or goes straight until he thinks he can go back to the easy life. It's still just one guy.

But if we let the gov't go too far now, it is next to impossible to rein it in later. And it fucks things up for everybody.

I hate these kinds of situations. Here we are with a defendant that allegedly really is an evil guy that needs to be gotten off the street, and we have to choose between letting the government go too far, or letting a really vile scumbag back onto the street.

Rock, meet hard place.

It is worse when the DOJ breaks or very severely bends the law to get a conviction. No one is truly safe from overzealous prosecution and shaky evidence.

Just how exactly do you file a fraudulent tax return and get money from the IRS? Do they file as another taxpayer? You have to pay taxes to get a refund. Well anyway, that isn't the topic of the article.

The last time the stingray was a topic, it came down to the feds fake cell site using no encryption. (As a reminder, the cell site sets the encryption, not the phone.) Some phones are supposed to indicate this reduced security level.

Why after all these years can't they make an app to refuse to affiliate with cell sites that have no encryption? Or just put it in the phone OS. It isn't just the stingray you need to worry about. Some countries use weak encryption so the cops can monitor your calls. And of course the hackers can as well.

If you went to the "catcher catcher" link, the silent ping is related to SMS. I set my firewall to refuse SMS. I don't know for sure if that stops the silent ping or not.

If you saw the DEFCON demo of what amounts to a stingray, they easily "pwnd" phones with this technique, so phones need to be hardened for this attack. And if it stops the FBI, well they can always get a warrant and get your location from the carrier.

One tends to wonder aloud: If law enforcement was transparent about the technology and means that it uses to gather and surveil, what proportion of criminals would avoid becoming criminals based on the knowledge of the likelihood of them getting caught being that much greater?

One tends to wonder aloud: If law enforcement was transparent about the technology and means that it uses to gather and surveil, what proportion of criminals would take better care and thus avoid being caught, and what proportion of non-criminals would learn of the technology and become criminals through using it for new and nefarious purposes?

I'm curious if something like the Antennas for Android app could be used to detect this, for countersurveillance. I've got it installed and I am already familiar with exactly where the normal towers are near me. I installed it as a novelty, though I can see multiple potential uses.

See a new antenna this week? Maybe an error in the app because the antenna can't be cross-referenced with the known public locations of legit antennas? Bingo. Go find it, you have the map to the location already. Bring donuts.
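The two checks commenters raise above, comparing observed cells against a list of known ones and noticing when a cell turns encryption off, written out as an added example (not code from the article, Catcher Catcher, or any app named in the thread). The log format, field names and sample rows are assumptions constructed for illustration; how a given handset exposes the ciphering state is outside its scope.

```python
import csv
import io
from collections import defaultdict

# Constructed survey logs (not real data). Columns:
# date, mcc, mnc, lac, cell_id, ciphering (1 = cell enabled encryption, 0 = none)
# MCC 001 / MNC 01 is the test-network code, used so no real carrier is implied.
BASELINE_LOG = """\
2013-03-18,001,01,5021,30411,1
2013-03-19,001,01,5021,30411,1
2013-03-18,001,01,5021,30412,1
2013-03-20,001,01,5021,30412,1
2013-03-19,001,01,5021,30999,1
"""

NEW_LOG = """\
2013-03-27,001,01,5021,30411,1
2013-03-27,001,01,5021,30412,0
2013-03-27,001,01,7777,64001,0
2013-03-27,001,01,5021,30999,1
not,a,valid,row
"""


def parse_log(text):
    """Yield (date, cell, ciphering) tuples; rows that do not parse are skipped."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue
        date, *nums = row
        try:
            mcc, mnc, lac, cell_id, ciph = (int(n) for n in nums)
        except ValueError:
            continue
        yield date, (mcc, mnc, lac, cell_id), bool(ciph)


def build_baseline(text, min_days=2):
    """Return the set of cells seen on at least `min_days` distinct dates.

    Requiring several days keeps a one-off sighting from being trusted
    as a known tower.
    """
    days_seen = defaultdict(set)
    for date, cell, _ in parse_log(text):
        days_seen[cell].add(date)
    return {cell for cell, days in days_seen.items() if len(days) >= min_days}


def review(text, baseline):
    """Return (date, cell, reasons) for every observation worth a second look."""
    findings = []
    for date, cell, ciphering in parse_log(text):
        reasons = []
        if cell not in baseline:
            reasons.append("unknown-cell")
        if not ciphering:
            reasons.append("no-ciphering")
        if reasons:
            findings.append((date, cell, reasons))
    return findings


if __name__ == "__main__":
    known = build_baseline(BASELINE_LOG)
    for date, cell, reasons in review(NEW_LOG, known):
        print(date, cell, ", ".join(reasons))
```

Neither signal is conclusive on its own: carriers add and renumber cells, and a cell seen only once during the baseline period (30999 here) is flagged as unknown even though it may be legitimate.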

Law enforcement relies on the fact that your mobile phone automatically sends out signals that they capture to avoid needing a warrant. But if you send a clever request to a server and it automatically sends back a response, you can go to prison. It should always or never be okay to get a response from a public interface when it reveals something intended to be private. But yet again, the government has double standards.

My take on this is they are demanding that law enforcement agencies MUST specify exactly what technologies will be used to catch criminals before they can get a warrant to use electronic surveillance. Where do they find a judge who is qualified to decide which technique is appropriate for each individual case?

If you are not the target of the warrant, then any info gotten from a tap is supposedly inadmissible in court. The reality is that if they 'accidentally' - or 'accidentally on purpose' pick up anything incriminating, they can then find a reason to start a surveillance on the new target - possibly leading to another warrant to tap them.

While I find it highly unlikely that they are going to go out of their way to try to find people who are minor criminals by randomly tapping into phones - It is a possibility. The Congress should (but probably won't) come up with some reasonable guidelines on tapping communications of any kind - by specifying one particular kind of communication - they are leaving others open to be exploited by the criminals - and the cops.

So, for example - with today's rules, your written snail mail may be protected, but your email may not be. Your wired phone is protected but your cell phone may not be. The law should not specify what form the communication takes - or what form a 'wire' tap should take - If they get a warrant to tap your communications - then all forms of communication should be valid targets. If they don't have a warrant - then NO form of communication should be used against you in court. We can make an exception for conversations made in public where there is no expectation of privacy - this would include that idiot that has his cell on speaker while in public.

I hate these kinds of situations. Here we are with a defendant that allegedly really is an evil guy that needs to be gotten off the street, and we have to choose between letting the government go too far, or letting a really vile scumbag back onto the street.

Rock, meet hard place.

It's called the Blackstone Formulation, which says that the majesty of the state's justice is so great that it must never be brought to bear upon the innocent, even though it may mean that criminals go free, or obversely, that the virtue of innocence (in the non-criminal sense) is so great that our zeal to prosecute wrongdoers has to be greatly checked in order that no innocent victims are prosecuted.

I hate these kinds of situations. Here we are with a defendant that allegedly really is an evil guy that needs to be gotten off the street, and we have to choose between letting the government go too far, or letting a really vile scumbag back onto the street.

Rock, meet hard place.

It's not a difficult place at all. It only becomes difficult when you start thinking that the ends justify the means. If you believe in due process then sometimes bad guys go free and that is one of the costs of having a Government that doesn't have ultimate power. If catching bad guys is important enough to bend the rules depending on the perceived badness of the criminal, then we aren't a country of laws and we should just admit it, start assuming the worst of people, and having the police function as judge/jury/executioner.

My take on this is they are demanding that law enforcement agencies MUST specify exactly what technologies will be used to catch criminals before they can get a warrant to use electronic surveillance. Where do they find a judge who is qualified to decide which technique is appropriate for each individual case?

If you are not the target of the warrant, then any info gotten from a tap is supposedly inadmissible in court. The reality is that if they 'accidentally' - or 'accidentally on purpose' pick up anything incriminating, they can then find a reason to start a surveillance on the new target - possibly leading to another warrant to tap them.

While I find it highly unlikely that they are going to go out of their way to try to find people who are minor criminals by randomly tapping into phones - It is a possibility. The Congress should (but probably won't) come up with some reasonable guidelines on tapping communications of any kind - by specifying one particular kind of communication - they are leaving others open to be exploited by the criminals - and the cops.

So, for example - with today's rules, your written snail mail may be protected, but your email may not be. Your wired phone is protected but your cell phone may not be. The law should not specify what form the communication takes - or what form a 'wire' tap should take - If they get a warrant to tap your communications - then all forms of communication should be valid targets. If they don't have a warrant - then NO form of communication should be used against you in court. We can make an exception for conversations made in public where there is no expectation of privacy - this would include that idiot that has his cell on speaker while in public.

In this case, they didn't tap any phones in the sense of listening in. The SCOTUS has said that you have a reasonable expectation that your voice communications are private. In this case they use electronic signals radiating from your phone (when you aren't even talking) to locate you. The important question is whether you have an expectation of location privacy.

For example, your cell phone connects to towers as a matter of protocol. If you are driving up I-95 it hands off from tower to tower to tower, so that when someone calls your number, the mobile switching station knows to route that connection request to the tower at 28th street in Seaside Heights NJ, where you are at the beach. In this manner whenever your phone is on, the cellular system knows where it is to the level of tower. So the cell company right now, assuming it logs this data, knows when you drove across the country, when you drove to work, where you go out at night, et cetera. All of this information doesn't rely on listening into your conversation.

And this is information the cell company just has by virtue of the cellular system. No subterfuge, no surreptitious SW installed, no specific targeting done by anyone.

The question is more succinctly, does the government have probable cause to target an individual, and does the government need a warrant to target electronic detection and intercept systems at people, and does the government need a warrant to get artifacts from commercial communications and information system providers with whom the targeted individual has a business relationship.

How many of these stories of government evil, inefficiency, prosecutorial abuse, going to war in places you don't care about, and spying need to happen before everyone wakes up to the fact:

it doesn't matter who you vote for

No matter who you vote for, if you give a government more power and more money, they're going to use that power and money to do evil eventually. And if you don't like it, they have the power to arrest you with a government gun.

No, I don't like WalMart, Monsanto or Donald Trump either. But I haven't set foot in a WalMart in over a year. WalMart doesn't have arrest powers. WalMart can't *make* me do anything. When I ignore a corporation, they have no power over me.

THE BANKS!!! Look at the banks! Right - they fucked up, and who gave them money? That's right - the government.

When you give the government more power and more money and things to do for you, it's in exchange for your rights. Yes, this means you can hurt yourself - but there is no utopia. Either take care of yourself and your family, or lose your rights as the government takes care of you.

You know, like they took care of Manning, and Schwartz, and all the guys in Gitmo, and Iraq, and Afghanistan.

You know how the government made all that happen? Tax dollars. Stop giving them tax dollars and then they'll stop being able to pay for assholes to do asshole things. No one works for free, especially government workers.

Yesterday, my wife called my cell phone & said that the battery was dead in her van. I told her I'd stop by NAPA on the way home to buy a new one. I look at my gmail a couple seconds later and an Advanced Auto Parts email pops in my box. I've never received an email from Advanced Auto Parts before that. Spies are everywhere!

In this case, they didn't tap any phones in the sense of listening in. The SCOTUS has said that you have a reasonable expectation that your voice communications are private. In this case they use electronic signals radiating from your phone (when you aren't even talking) to locate you. The important question is whether you have an expectation of location privacy.

For example, your cell phone connects to towers as a matter of protocol. If you are driving up I-95 it hands off from tower to tower to tower, so that when someone calls your number, the mobile switching station knows to route that connection request to the tower at 28th street in Seaside Heights NJ, where you are at the beach. In this manner whenever your phone is on, the cellular system knows where it is to the level of tower. So the cell company right now, assuming it logs this data, knows when you drove across the country, when you drove to work, where you go out at night, et cetera. All of this information doesn't rely on listening into your conversation.

And this is information the cell company just has by virtue of the cellular system. No subterfuge, no surreptitious SW installed, no specific targeting done by anyone.

The question is more succinctly, does the government have probable cause to target an individual, and does the government need a warrant to target electronic detection and intercept systems at people, and does the government need a warrant to get artifacts from commercial communications and information system providers with whom the targeted individual has a business relationship.

What the hell is your problem? This is supposed to be a thread about how evil the government is and how the world has come to an end. Don't go confusing the issue with facts, rationality and a desire to accurately describe the issues. Who knows what chaos might ensue from such a course.

Federal investigators have been routinely using “stingrays” to catch bad guys. A stingray is a device that can create a false cellphone tower…

So if I partake in some shady behavior and get the feds interested, will I at least get decent cell reception as part of the deal?

LOL. No.

If I remember correctly from a presentation I half listened to at Black Hat a couple years ago, which may not represent exactly what the Feds are doing, the "fake tower" can be as simple as a cheap cell phone running some custom software. Your phone searches for cell towers on the order of every so many seconds. The fake tower responds, and the communication includes the phone's IMSI. No actual voice or data communications need to actually go through the fake tower. The IMSI uniquely identifies a cell phone. I'm not sure how they go about matching the IMSI to a person.

The concern the presenter raised was that the FBI may have been using these to monitor who attended protests. It seems like a pretty easy way to gather data on who is in a crowd, or even track how many of the same people attend different protests even if you can't match the IMSI with individuals.

There was a presentation about this at Black Hat and Defcon a couple years ago. I can't remember the presenter's name at the moment, but it's not something that has been newly exposed.

You are right that such things never get much attention until some scum's lawyer tries to raise the public awareness for self serving ends.

The problem is too often the government tries to use technology to bend the rules. This results in a scum bag going free because some moronic cop or DA did not want to fill the warrant application either properly or at all and relied on an argument such as how cellphones work. If the bozos in this case had properly filed for warrants this issue would never come up. So what happens is a competent defense attorney notices there are problems with the warrants (or lack of warrants) and can challenge the government's actions by pointing out the government did not follow the rules to a judge. Most likely someone is too eager to solve a case or get a conviction.

I have been aware for several years that the approximate location of a cellphone can be easily tracked by which tower it was pinging. I have heard of a couple murder convictions that were gotten because the cellphone movements destroyed the defendant's alibi. In one case the defendant claimed to be about 100 miles away when the murder happened but the cellphone location was near a cell tower close to the victim. Someone's alibi is in trouble because their cellphone was near the murder scene at the time of the murder, raising the question who had it at the time and why did they have it. This was done using the provider's location logs which were obtained via a subpoena.

And DOJ et al claim they do not have the technical tools needed and something like this pops up. It appears DOJ has the tools to effectively spy on anyone and will use them whenever they think they can fool the courts.

Who is running the DOJ - Himmler, Beria, Dzerzhinsky?

Well, someone is eager to get to Godwin....

I know there is another law referencing the invocation of Godwin's law.